A Novel Byte-Level Flow-to-Image Encoding Method for Network Intrusion Detection Systems

Abstract

Network-based Intrusion Detection Systems (IDS) are predominantly trained on tabular flow records, whose one-dimensional representations limit convolutional architectures from exploiting inter-feature spatial correlations. This paper presents a novel byte-level flow-to-image encoding method that converts each network-flow record into a fixed-size RGB image. Continuous features are serialised using IEEE-754 single-precision format and packed sequentially into pixels along an inverted-L shaped trajectory, while discrete features are mapped to byte values and placed contiguously in the middle image row's centre. The encoding is deterministic and reversible, preserving a fixed spatial layout across all samples. Four IDS models are evaluated on NSL-KDD and UNSW-NB15 datasets with both flow and image-based configurations. The image-based representation yields consistent accuracy gains of up to 15.6\% and 12.8\% for binary and multi-classification on UNSW-NB15, and up to 3.5\% and 3.2\% on NSL-KDD, highlighting the potential of byte-level visual encoding to strengthen AI-driven intrusion detection in local computer networks.